ieee transactions on cloud computing 1 an efficient... index terms—mobile cloud storage,...

Click here to load reader

Post on 20-Jul-2020

0 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • 2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

    This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCC.2015.2398426, IEEE Transactions on Cloud Computing

    IEEE TRANSACTIONS ON CLOUD COMPUTING 1

    TEES: An Efficient Search Scheme over Encrypted Data on Mobile Cloud

    Jian Li, Member IEEE/ACM, Ruhui Ma, Haibing Guan, Member IEEE/ACM

    Abstract—Cloud storage provides a convenient, massive, and scalable storage at low cost, but data privacy is a major concern that prevents users from storing files on the cloud trustingly. One way of enhancing privacy from data owner point of view is to encrypt the files before outsourcing them onto the cloud and decrypt the files after downloading them. However, data encryption is a heavy overhead for the mobile devices, and data retrieval process incurs a complicated communication between the data user and cloud. Normally with limited bandwidth capacity and limited battery life, these issues introduce heavy overhead to computing and communication as well as a higher power consumption for mobile device users, which makes the encrypted search over mobile cloud very challenging. In this paper, we propose TEES (Traffic and Energy saving Encrypted Search), a bandwidth and energy efficient encrypted search architecture over mobile cloud. The proposed architecture offloads the computation from mobile devices to the cloud, and we further optimize the communication between the mobile clients and the cloud. It is demonstrated that the data privacy does not degrade when the performance enhancement methods are applied. Our experiments show that TEES reduces the computation time by 23% to 46% and save the energy consumption by 35% to 55% per file retrieval, meanwhile the network traffics during the file retrievals are also significantly reduced.

    Index Terms—Mobile Cloud Storage, Searchable Data Encryption, Energy Effiiency, Traffic Efficiency.

    F

    1 INTRODUCTION Cloud storage system is a service model in which data are maintained, managed and backuped remotely on the cloud side, and meanwhile data keeps available to the users over a network. Mobile Cloud Storage (MCS) [1], [2] denotes a family of increasingly popular on-line services, and even acts as the primary file storage for the mobile devices [3]. MCS enables the mobile device users to store and retrieve files or data on the cloud through wireless communication, which improves the data availability and facilitates the file sharing process without draining the local mobile device resources [4].

    The data privacy issue is paramount in cloud storage system, so the sensitive data is encrypted by the owner before outsourcing onto the cloud, and data users re- trieve the interested data by encrypted search scheme. In MCS, the modern mobile devices are confronted with many of the same security threats as PCs, and various traditional data encryption methods are imported in MCS [5], [6]. However, mobile cloud storage system incurs new challenges over the traditional encrypted search schemes, in consideration of the limited comput- ing and battery capacities of mobile device, as well as data sharing and accessing approaches through wireless

    • J. Li is with the School of Software, Shanghai Jiao Tong University, Shanghai, China, 200240. E-mail: li-jian@cs.sjtu.edu.cn

    • H. Guan is with the Department of Computer Science and Technol- ogy, Shanghai Jiao Tong University, Shanghai, China, 200240. E-mail: hbguan@sjtu.edu.cn

    • R. Ma is with the Department of Computer Science and Technol- ogy, Shanghai Jiao Tong University, Shanghai, China, 200240. E-mail: ruhuima@sjtu.edu.cn

    H.B. Guan is the corresponding author.

    communication. Therefore, a suitable and efficient en- crypted search scheme is necessary for MCS.

    Generally speaking, the mobile cloud storage is in great need of the bandwidth and energy efficiency for data encrypted search scheme, due to the limited battery life and payable traffic fee. Therefore, we focus on the de- sign of a mobile cloud scheme that is efficient in terms of both energy consumption and the network traffic, while keep meeting the data security requirements through wireless communication channels.

    To this end, we introduce TEES (Traffic and En- ergy saving Encrypted Search) architecture for mobile cloud storage applications. TEES achieves the efficiencies through employing and modifying the ranked keyword search as the encrypted search platform basis, which has been widely employed in cloud storage systems. Tradi- tionally, two categories of encrypted search methods exit, that can enable the cloud server to perform the search over the encrypted data: ranked keyword search and boolean keyword search. The ranked keyword search adopts the relevance scores [7] to represent the relevance of a file to the searched keyword and sends the top-k relevant files to the client. It is more suitable for cloud storage than the boolean keyword search approaches (e.g. [8], [9], [10], [11]), since boolean keyword search approaches need to send all the matching files to the clients, and therefore incur a larger amount of network traffic and a heavier post-processing overhead for the mobile devices.

    By careful redesign of ranked keyword search pro- cedure, TEES offloads the security calculation to the cloud side to save the energy consumption of mobile devices, and TEES also simplify the encrypted search procedure to reduce the traffic amount for retrieving data

  • 2168-7161 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

    This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TCC.2015.2398426, IEEE Transactions on Cloud Computing

    IEEE TRANSACTIONS ON CLOUD COMPUTING 2

    from encrypted cloud storage. Besides the energy and traffic efficiencies, TEES is implemented with security enhancement in consideration of the modified encrypted search procedure in order to mitigate statistics information leak and keywords-files association leak [12] [13] for MCS, by adding noise in Term Frequency distribution function and keeping the Order Preserving Encryption attributes.

    Note that TEES is implemented with security en- hancement based on popular TF-IDF [13][14][15][16], but the essential security defects of this encryption ap- proach cannot be completely resolved. To the best of our knowledge, there is no unbreakable security scheme, but TEES architecture is general enough to host and enhance various encrypted search schemes as we will discuss in Section 4.3. Moreover, we suggest that a cloud storage service provider is semi-honest and will not collude with attacker in TEES, as most of the related works. TEES employs the architecture redesign over traditional encrypted search procedure, and our comprehensive experiments prove the TEES has following advantages in comparison with the traditional complex encrypted search procedure:

    1) TEES reduces the energy consumption by 35%∼55% by offloading the computation of the relevance scores to the cloud server. This reduces the computing workload on the mobile device side while at the same time significantly speeding up the mobile file access speed (e.g. it doubles the speed for accessing a 100KB file).

    2) With a simplified search and retrieval process, TEES reduces the network traffic for the commu- nication of the selected index, and reduces the file retrieval time by 23%∼46% in our experiments.

    3) In implementing the redesigned encrypted search procedure, TEES redistributes the encrypted index to avoid statistics information leak, and wraps keywords adding noise in order to render them indistinguishable to the attackers. Security analysis show that the security level of TEES is guaranteed and enhanced for MCS wireless communication channels.

    The rest of the paper is organised as follows: we introduce the traditional encrypted search architecture, related work, new opportunities and challenges in Sec- tion 2. Then we describe the design of TEES and discuss its efficiencies in terms of energy, traffic and execution time in Section 3. Then, Section 4 describes the module implementations and a security enhancement to the model is presented in Section 5. The performance is evaluated in Section 6. Conclusions and future work are discussed in Section 7.

    2 FILE RETRIEVAL IN CLOUD STORAGE 2.1 Traditional Encrypted Search over Cloud Data Traditional cloud storage system architecture and gen- eral procedures are shown in Figure 1, which include: file/index encryption by the data owner, outsourcing

    Data Owner Files

    Encrypted Index

    Encrypted Files

    Storage Nodes Cloud ServerOutsourcing

    Ou tsou

    rcin g

    Authentication

    1.E ncrypted K

    eyw ords

    2.Selected index

    4. F iles R

    etrieval

    5.Relevant Files

    3.Ranking Function

    Fig. 1. Traditional Encrypted Search Architecture

    the data to the cloud storage, and encrypted data search/retrieval procedure of the data users in cloud computing.

    2.1.1 File/Index Encryption The data owner first executes the preprocessing and indexing work as shown on Figure 2. He should invert files, that are selected to store on the cloud, for text search en

View more